Public exploit available

Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2023-2130

CWE-89 — SQL Injection4 documents4 sources

Severity

9.8CRITICAL

EPSS

81.2%

top 0.84%

CISA KEV

Not in KEV

Exploit

PoC available

Public exploit / PoC exists

Affected products

Sourcecodester Purchase Order Management System Purchase Order Management System Project Purchase Order Management System

Timeline

PublishedApr 17

Description

A vulnerability classified as critical has been found in SourceCodester Purchase Order Management System 1.0. Affected is an unknown function of the file /admin/suppliers/view_details.php of the component GET Parameter Handler. The manipulation of the argument id leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-226206 is the identifier assigned to this vulnerability.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:LExploitability: 2.8 | Impact: 3.4

Affected Packages2 packages

▶CVEListV5sourcecodester/purchase_order_management_system1.0

▶NVDpurchase_order_management_system_project/purchase_order_management_system1.0

🔴Vulnerability Details

GHSA

GHSA-mhpj-ghcf-5j4p: A vulnerability classified as critical has been found in SourceCodester Purchase Order Management System 1↗2023-04-17

▶

CVEList

SourceCodester Purchase Order Management System GET Parameter view_details.php sql injection↗2023-04-17

▶

💥Exploits & PoCs

Nuclei

Purchase Order Management v1.0 - SQL Injection

▶